Ubuntu Security Notice 6959-1 - It was discovered that .NET suffered from an information disclosure vulnerability. An attacker could potentially use this issue to read targeted email messages.
0aaff00746e0a905480253c3bcc728acece90316aa7ecacac8629d61a199fd98Debian Linux Security Advisory 5741-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
8dee3da3b07efa6be058ffcae9199b23d1616a0b89cbd3f0e156b17215c83d6eDebian Linux Security Advisory 5738-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.
813d265dc739824c4ab6e69f47a1f908b3c5100ef0d4a956995fb6a17a51c84cDebian Linux Security Advisory 5736-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.
957d1e7febf0e6ffc2970d2843195a0864cd1906e9b17bd7a94d8dc578a923faThis is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have significant implications for the confidentiality, integrity, and availability of the software and the sensitive data it handles. The issues include problems like remote SQL injection, command injection, authentication bypass, hard-coded credentials, and more.
922dd24931dfc780dbe72f5070222b4450361d9b42c8b9a975582549453b4573Debian Linux Security Advisory 5735-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
e94d095795272c99417722eadeff327261063340ffbc4e8f2255b1e625e40418An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.
b42befc858b86f3d8819791d933601caf73d18c43fef25ac1bf48bd2f453056cAn issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device.
d84a795e3b93f14712bdb170fd5d7cfa43e17cb9853b135d7ed7e9323fa39ce3An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to.
c1840a21faea62a36c6bc7e40c57e0e5b17eba2135cb46888a2b4014361ad916An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.
21d88cd70375a513ca358325971700e907cca09906e21a62eda4bd9a20252236An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
0565814322a8c520d48233f4208f575674bdcaee0dd5d4f8a76504f93a015dd4An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file.
72a75bc908066ff805bf1c11389d4cbededbfda26a83fc3356cb5a8e513b7675An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to.
f549ef3c39fe38d7059dc9eac35c3af42528503ec1e98721a75f5dc9da7da20fAn issue was discovered in WiZ Colors A60 1.14.0. Applications use general logs to reflect all kind of information to the terminal. The WIZ application does also use logs, however instead of only generic information also API credentials are submitted to the android log. The information that is reflected in the logging can be used to perform authorized requests in behalf of the user and therefore controlling the lights just as the user can do using the application. In order to obtain the information access to the device logs is required. This can most easily be done via local access and also by other apps on rooted devices.
6492b2c8cbbe7c07a81425d4126782dccb464f0c1bd39f043a2040c848da6ea8AMPLE BILLS version 1.0 appears to suffer from an administrative page disclosure issue.
075664283ea2c622f78ab5765188a914420ae491df36dc028ae8cbe0d7af7a77PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.
567512dc29f3191d46966af5a6dd1339474aa567f65e1c6564dccda43acadad3Debian Linux Security Advisory 5732-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
ba84e05a4e793af50e4bc61477d6411ed2ca8af40ee288a51b55587888d2ff97Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
b5b11c86d2db811480610e8bc947b766a72e512e4421fd27ff4ece52e3fd3a96Debian Linux Security Advisory 5716-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c62d6a8690b7d7a9cda4fa67811a45a88793b027295217474d757bb13d189d7cDebian Linux Security Advisory 5710-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
a94c3400d965474f472a6470d2cc5de01f3d9ff6f801375e77f029d1246035caOracle Database versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c allows for unauthorized access to password hashes by an account with the DBA role.
edea13d6bbb4e899e5a14a7b29742067ce892997ff2cae4bac02dd2d1a895ab2Debian Linux Security Advisory 5701-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
02fed5c43638fe4ae91ef3bc5445fdecf0491a21def3562d073c512f4e018893Check Point Security Gateway suffers from an information disclosure vulnerability. Versions affected include R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.
9a00e15745eee654d5e56bd4984cd3a4bdcf8830f76d50a2c9914ecf0ab23d3fDebian Linux Security Advisory 5697-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-5274 exists in the wild.
b95760bff73ca523e8064e624e41ac38b2c3c6343a6323e6d07950a7f3418eaf4BRO versions prior to 2024-04-17 suffer from insecure direct object reference and API information disclosure vulnerabilities.
64654958dfdf54f7bad8c42f7237049baba8465ad1f9ae64c3a99c61e5cee06b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed